While procrastinating instead of studying for the SMFE, I worked on a module that would be helpful in grabbing files from an exploited machine. I reviewed some of the previous Metasploit scripts written by the great Carlos Perez. He has written many scripts and is a regular contributor to the Metasploit Framework. With his generous guidance, I was able to finish up this post-exploitation module within a day. I will add a section for Windows Server when I get a chance.

I was re-watching/restudying some of the videos for Metasploit Framework Expert. One video in particular, "Lesson 7: Post Exploitation Kill AV and Bypass Firewall", made me decide to automate the task with a post-exploitation module.

Metasploit auto-run scripts are great when you need a module to run automatically post exploitation. Getting a single script to run once a Meterpreter session opens is pretty easy, but what if you wanted multiple post scripts to run? From the msfconsole prompt run: set AutoRunScript multi_console_command -rc "/path/to/file.rc" (the rc file holds one Meterpreter command per line).

I was doing some scanning the other day against my test lab of VMs. I noticed that nmap and db_nmap were seeing my Windows XP machine as Server 2003. Nmap identified its OS details as: Microsoft Windows XP Professional SP2 or Windows Server 2003. When it's placed inside of the Metasploit db, it has the os_flavor 2003. This could be a problem for resource scripts that pick modules by OS, or when you attempt to use an exploit against the box.

In December I purchased the certification course SMFE from SecurityTube trainer Vivek Ramachandran. While watching the training videos, I started thinking of ways to speed up processes during a pentest engagement. With the default install of Metasploit 4.2, you get PostgreSQL database support. With this support you can import different third-party vulnerability scan reports, import XML nmap scans, add hosts manually, or run the db_nmap command, which directly adds the hosts and services discovered. In the event I didn't import a vulnerability scan into the database, I wanted a way to check the db list of hosts for easily exploitable vulnerabilities. I checked with Carlos Perez (darkoperator) and confirmed that resource scripts were the way to go. I couldn't find much in the way of API documentation for these. My only source seemed to be the resource folder inside the scripts folder. There is enough code in each of the scripts that I was able to figure out how to accomplish what I wanted to do. Basically there are two ways I could go about creating these scripts:

2. Create a scripted file leveraging data in the datastore or database of hosts.

root@bt:/opt/metasploit/msf3/scripts/resource# cat auto_brute.rc
# auto_brute.rc
# Author: m-1-k-3 (Web: http://www.s3cur1ty.de / Twitter: @s3cur1ty_de)
# This Metasploit RC-File could be used to automate the bruteforce process
# the services are used from the already discovered service details of the database
# for this we need the service names in the db!
# VERBOSE is used from the global datastore
# THREADS is used from the global datastore
# USER_FILE and PASS_FILE are used from the global datastore
# WARNING: You could lock out users with this resource script!
# throttling if we get too many jobs
maxjobs = 8
wordlistpath = "#{Msf::Config.install_root}/data/wordlists"
if (framework.datastore['USER_FILE'] == nil)
# we are using the default unix wordlists
run_single("setg USER_FILE #{wordlistpath}/unix_users.txt")
end

I went with option 2 since I needed to access data located in the database of hosts. The script I am providing can be extended quite easily to leverage more auxiliary modules or exploits.
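To show what "a scripted file leveraging the database of hosts" looks like in practice, here is an added example (my own illustration, not the post's script and not auto_brute.rc): it walks a list of hosts and their services, plans which auxiliary modules to run against each service, throttles the number of background jobs the way auto_brute.rc does, and flags the XP-versus-2003 fingerprint ambiguity described above by scheduling an SMB version check before anything OS-specific. The host list is constructed inline so the logic runs under plain ruby; inside msfconsole it would sit in a <ruby> block and read `framework.db.workspace.hosts` instead. The attribute names used for the real host objects (`address`, `os_name`, `os_flavor`, `services`, `port`, `name`) and the `run_single` call are assumptions about the framework API, labelled as such in the code.

```ruby
# Added example, not code from the original post. Plans auxiliary module
# runs from host/service data such as msfconsole's database holds.

# Constructed sample standing in for framework.db.workspace.hosts.
# os_flavor "2003" on the first host is how db_nmap stored an XP box
# whose nmap fingerprint read "Windows XP Professional SP2 or Windows Server 2003".
SAMPLE_HOSTS = [
  { address: "192.168.56.101", os_name: "Microsoft Windows", os_flavor: "2003",
    services: [{ port: 445, name: "smb" }, { port: 135, name: "msrpc" }] },
  { address: "192.168.56.102", os_name: "Linux", os_flavor: "Ubuntu",
    services: [{ port: 22, name: "ssh" }, { port: 21, name: "ftp" }] },
  { address: "192.168.56.103", os_name: "Microsoft Windows", os_flavor: "XP",
    services: [{ port: 445, name: "smb" }] },
].freeze

# Service name (as stored in the db) -> auxiliary modules to run against it.
# Add rows here to pull in more modules; names not in this table are skipped.
SERVICE_MODULES = {
  "smb" => ["auxiliary/scanner/smb/smb_version"],
  "ssh" => ["auxiliary/scanner/ssh/ssh_version"],
  "ftp" => ["auxiliary/scanner/ftp/ftp_version", "auxiliary/scanner/ftp/anonymous"],
}.freeze

# Nmap cannot always separate XP from Server 2003, and db_nmap then records
# os_flavor "2003". Treat such hosts as unconfirmed until SMB says otherwise.
def ambiguous_windows?(host)
  host[:os_name].to_s =~ /windows/i && host[:os_flavor] == "2003"
end

# Addresses whose OS flavor should be re-checked before choosing an exploit.
def hosts_to_recheck(hosts)
  hosts.select { |h| ambiguous_windows?(h) }.map { |h| h[:address] }
end

# Build the ordered list of runs: { module:, rhost:, rport: }.
# Ambiguous Windows hosts get an smb_version run queued first so the
# os_flavor in the db is corrected before anything OS-specific is chosen.
def plan_runs(hosts, modules = SERVICE_MODULES)
  runs = []
  add = lambda do |mod, host, svc|
    run = { module: mod, rhost: host[:address], rport: svc[:port] }
    runs << run unless runs.include?(run)   # never queue the same run twice
  end
  hosts.each do |host|
    smb = host[:services].find { |s| s[:name] == "smb" }
    add.call("auxiliary/scanner/smb/smb_version", host, smb) if ambiguous_windows?(host) && smb
    host[:services].each do |svc|
      (modules[svc[:name]] || []).each { |mod| add.call(mod, host, svc) }
    end
  end
  runs
end

# Render the plan as msfconsole commands, the strings a resource script
# would hand to run_single. After every `maxjobs` background jobs a
# "sleep" line is emitted, a simple stand-in for auto_brute.rc's throttling
# loop over framework.jobs.
def render_commands(runs, maxjobs = 8)
  lines = []
  runs.each_with_index do |r, i|
    lines << "use #{r[:module]}"
    lines << "set RHOSTS #{r[:rhost]}"
    lines << "set RPORT #{r[:rport]}"
    lines << "run -j"
    lines << "sleep 10" if (i + 1) % maxjobs == 0 && i + 1 < runs.length
  end
  lines
end

if defined?(framework)
  # Inside msfconsole: map the real db host objects onto the hash shape
  # used above (attribute names are an assumption about the framework API).
  hosts = framework.db.workspace.hosts.map do |h|
    { address: h.address, os_name: h.os_name, os_flavor: h.os_flavor,
      services: h.services.map { |s| { port: s.port, name: s.name } } }
  end
  puts "[*] Re-check OS flavor on: #{hosts_to_recheck(hosts).join(', ')}"
  render_commands(plan_runs(hosts)).each { |cmd| run_single(cmd) }
else
  # Stand-alone: just print the plan for the constructed sample.
  puts "[*] Re-check OS flavor on: #{hosts_to_recheck(SAMPLE_HOSTS).join(', ')}"
  puts render_commands(plan_runs(SAMPLE_HOSTS), 2)
end
```

The plan is kept as data (`plan_runs`) separate from the command strings (`render_commands`) so it can be inspected or filtered, for example to drop hosts outside the engagement scope, before anything is handed to `run_single`.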

I have been running into the issue of getting the AirPort Wi-Fi card to properly bridge with my VMware guests. This blog post describes how to get VMware Fusion 3.x working in a bridged configuration. This link here is how I was able to properly configure my MacBook. You essentially add a second network adapter and assign it bridged to the AirPort (Wi-Fi) card. You may have to reboot your VM or even your wireless access point in order for it to kick in.

So I purchased a new MacBook Pro 17″ i7 laptop. Very sweet rig! I managed to get Metasploit up and running by following the Rapid7 instructions and help from Carlos Perez (Darkoperator). So besides Metasploit on the laptop, I wanted SET installed. I didn't look up directions and decided to wing it.

1. Let's pull down SET.

svn co http://svn.secmaniac.com/social_engineering_toolkit set/

2. There are some Python prerequisites for SET to run properly. The first one is Pexpect.
To install, first extract the archive, cd into the folder, then run:

sudo python setup.py install

3. The last prerequisite is BeautifulSoup.
To install, first extract it just like above, cd into the folder, then run